package com.lrj.mysecurity.controller;

import com.lrj.mysecurity.entity.User;
import com.lrj.mysecurity.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;

    @GetMapping("/{id}")
    //拥有读取用户权限才能访问
    @PreAuthorize("hasAnyAuthority('user.read')")
    public User getById(@PathVariable("id") Long id) {
        return userService.getById(id);
    }

    @PostMapping
    @PreAuthorize("hasAnyAuthority('user.create')")
    public User save(@RequestParam("username")String username) {
        User user = User.builder()
                .id(1L)
                .name(username)
                .build();
        return user;
    }
}
